lumma | bab3da7536b417c895fdb03cdd337d3cbab1e95f89000f3722a660e2a740a93f | Triage

Sharing

General

Target

bab3da7536b417c895fdb03cdd337d3cbab1e95f89000f3722a660e2a740a93f.unknown
Size

565B
Sample

241002-bydhaathrh
MD5

1ad28dad1597eb28ebe2b44dea6f5140
SHA1

e78e5ab21c9eeb9077526a20013bef1e106b2bb5
SHA256

bab3da7536b417c895fdb03cdd337d3cbab1e95f89000f3722a660e2a740a93f
SHA512

722946e800ab329254818ca67351f3e5a5a631748eb478e5507f19aa6d636c631c1afaca93d1728e3e03f4f4a52190b93f61a03cdac61801c8f91da6dd578c79

Score

10^/10

lumma discovery execution persistence stealer

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://finalstepgetshere.com/uploads/beta222.zip

Extracted

Family

lumma

C2

https://reinforcenh.shop/api

https://stogeneratmns.shop/api

https://fragnantbui.shop/api

https://drawzhotdog.shop/api

https://vozmeatillu.shop/api

https://offensivedzvju.shop/api

https://ghostreedmnu.shop/api

https://gutterydhowi.shop/api

https://pianoswimen.shop/api

Extracted

Family

lumma

C2

https://gravvitywio.store/api

Targets

- Target
  
  bab3da7536b417c895fdb03cdd337d3cbab1e95f89000f3722a660e2a740a93f.unknown
- Size
  
  565B
- MD5
  
  1ad28dad1597eb28ebe2b44dea6f5140
- SHA1
  
  e78e5ab21c9eeb9077526a20013bef1e106b2bb5
- SHA256
  
  bab3da7536b417c895fdb03cdd337d3cbab1e95f89000f3722a660e2a740a93f
- SHA512
  
  722946e800ab329254818ca67351f3e5a5a631748eb478e5507f19aa6d636c631c1afaca93d1728e3e03f4f4a52190b93f61a03cdac61801c8f91da6dd578c79
Score

10^/10

execution persistence lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence

behavioral2

lummadiscoveryexecutionpersistencestealer